MEXICO CITY (AP) — As the world continues to recover from massive travel and business disruptions caused by a faulty software update from cybersecurity firm CrowdStrike, malicious actors are trying to exploit the situation for their own gain.
Government cybersecurity agencies around the world and even CrowdStrike CEO George Kurtz are warning businesses and individuals about new phishing schemes in which malicious actors pose as CrowdStrike employees or other technology specialists offering to help users recover from the outage.
“We know that adversaries and malicious actors will attempt to take advantage of events like this,” Kurtz said in a statement.
“I encourage everyone to remain vigilant and ensure they are engaging with official CrowdStrike representatives.”
The UK’s Cyber Security Centre said it has noticed an increase in phishing attempts around this event.
Microsoft said 8.5 million devices running its Windows operating system were affected by Friday’s flawed cybersecurity update that caused disruptions around the world. That’s less than 1% of all Windows-based devices, Microsoft cybersecurity executive David Weston said in a blog post Saturday.
Weston added that such a significant impact is rare, but “demonstrates the interconnected nature of our broader ecosystem.”
What is happening with air transport?
With their tight schedules, interlocking timetables and complex technological systems, many major airlines struggle to stay on time even when everything is working properly. Unsurprisingly, the sector was one of the hardest hit by the outage, which left crews and planes disoriented.
By mid-afternoon Saturday on the US East Coast, airlines around the world had cancelled more than 2,000 flights, down from more than 5,100 on Friday, according to data from tracking service FlightAware.
About 1,600 of Saturday’s cancelled flights were in the United States, where airlines scrambled to relocate planes and crews after massive disruptions the day before. According to travel data provider Cirium, U.S. carriers canceled about 3.5% of their scheduled flights on Saturday. Only Australia was hit harder.
Cancelled flights were around 1% in the UK, France and Brazil, and 2% in Canada, Italy and India, among the main airline markets.
Robert Mann, a former airline executive and now a consultant in the New York area, said it was unclear exactly why U.S. airlines were suffering disproportionate cancellations, but possible causes included a greater degree of technology outsourcing and greater exposure to Microsoft operating systems that received the flawed CrowdStrike update.
Which airlines are most affected?
Delta Air Lines canceled more than 800 flights, or a quarter of its Saturday schedule, not counting regional Delta Connection flights. United Airlines followed, canceling nearly 400 flights.
The worst airport, for the second day in a row, was Hartsfield-Jackson Atlanta International Airport, where Delta is the dominant carrier. The Atlanta Journal-Constitution reported that thousands of people spent the night at the airport, with many sleeping on the floor.
European airlines and airports appeared to be slowly recovering, although Lufthansa and its subsidiaries cancelled dozens of flights. Its low-cost subsidiary Eurowings said check-in, boarding, booking and rebooking operations were back online, although “isolated disruptions” were possible.
London’s Heathrow Airport said it was congested but operating normally on Saturday and that “all systems are back to normal.” Flights at Berlin’s main airport were running on schedule or close to schedule, German news agency dpa reported, citing an airport spokesman.
How are health systems reacting?
Healthcare systems affected by the blackout had to deal with clinic closures, cancelled operations and appointments, and restricted access to patient records.
Cedars-Sinai Medical Center in Los Angeles, California, said it had made “steady progress” in getting its servers online and thanked its patients for their flexibility during the crisis.
“Our teams will be actively working through the weekend as we continue to resolve outstanding issues in preparation for the start of the work week,” the hospital wrote in a statement.
In Austria, a leading doctors’ organisation said the blackout had exposed the vulnerability of digital systems. Harald Mayer, vice-president of the Austrian Chamber of Physicians, stressed that the blackout showed that hospitals need analogue backups to protect patient care.
The organisation also called on governments to impose strict rules on the protection and security of patient data, and on healthcare providers to train staff and put in place systems to manage crises.
“Fortunately, where there were problems, they were small and short-lived, and many areas of care were not affected” in Austria, Mayer said.
The University Hospital of Schleswig-Holstein in northern Germany, which cancelled all elective procedures on Friday, said on Saturday that systems were gradually being restored and elective surgeries could resume on Monday.
Will the tech industry face a reckoning?
“I wasn’t that surprised that an accident caused a major global digital disruption. I was a bit surprised that the cause was a software update from a well-respected cybersecurity company,” said Oxford University management professor Ciaran Martin, former chief executive of the UK’s National Cyber Security Centre.
“CrowdStrike is asking some very difficult questions. How did this update get past quality control?” he asked. “It’s clear that the testing regime, whatever it was, failed.”
Martin said the UK and EU governments would be powerless to take action to prevent such failures “because we have become dependent on a very American version of technology, and the power to do anything about it does not reside on this continent.”
Other analysts doubt the blackout will prompt Washington or any other government to propose new mandates for tech companies.
“I don’t know what the mandate will be. Is it better quality control?” said Eric Grenier, an analyst at Gartner, using an acronym for quality assurance.
What have scammers learned from the blackout?
Grenier expects most affected machines to be repaired within a week or so, though it will take longer to repair the laptops of employees working in remote locations, since the work cannot be done remotely.
Meanwhile, there will be scammers trying to take advantage of businesses that have reported being affected by the outage.
“The threat is very real,” Grenier says. “Malicious actors have the information they need to send targeted phishing emails and calls. They know what endpoint protection tools you use. They know you use CrowdStrike.”
Grenier said affected companies should make sure they are using a solution provided by CrowdStrike.
“Don’t accept help from someone who comes out of nowhere and says, ‘I’ll fix it for you,’” he said.
2024-07-22 05:22:09